Do you use or administer OpenEMR? Take the General Satisfaction Survey to help improve the product

New User questions about security

Hi, I’m an owner of a medical home care company. OpenEMR amazed me. Definitely will test this. But, having a couple of questions regarding OpemEMR security:

  1. Des OpenEMR has 2FA authentication?
  2. What password-encryption type is on Open EMR?
  3. does the OpenEMR have a patient portal?
  4. HIPPAA compatible but how about European GDPR? It is also compatible?
    Thank you in advance!

hi @Frayer1 ,

  1. yes (supports TOTP and U2F)
  2. 3 password hashing options (defaults to bcrypt/blowfish, other options are argon and crypt/sha512) (all considered secure)
  3. yes
  4. don’t know; this would be a good thing to research (ie. what are the specific requirements and then could provide more specifics)

Regarding GDPR you need to make some modifications regarding patient information (forms build). Others aspects are concerning mainly your architecture (location, access, etc…) and sécurity build (back-up, Disaster Recovery, logs). European Régulations is asking GRPD for all private data and many countries asking more for Health Private Data Storage (HDS).
To go deeper :

  • It’s simple if you stored yourself (as physicians or clinics) even in Saas Mode. Déclarations and build are need.
  • If you dedicate to a private IT company, it will need little bit more than GRPD (like HDS for France - Health Data Stage or Germany, Spain, Italy even UK…;-)). The company need a Health Data Storage Certification.